The highest fine imposed by the FCA for a data breach to date
Equifax, the leading multi-national consumer credit reporting agency, has been fined £11 million by the UK Financial Conduct Authority (FCA) for failing to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US. In this blog, Clive Mackintosh, Founder of GDPR Rep, experts in GDPR Representative services, digs into the details.
The breach occurred in 2017 and affected the personal data of approximately 13.8 million UK consumers. The data accessed by the hackers included names, dates of birth, phone numbers, Equifax membership login details, partially exposed credit card details, and residential addresses.
The FCA found that Equifax had failed to:
The FCA said that the breach was "entirely preventable" and that Equifax's failings had "exposed millions of consumers to the risk of financial crime."
The £11 million fine is the highest ever imposed by the FCA for a data breach. It is also the first time that the FCA has fined a company for outsourcing data to a third party.
The fine is a reminder to all organisations that they are responsible for the security of their customers' data, even if they outsource it to a third party. Organisations must have adequate oversight of their third-party providers and take steps to protect their customers' data from being accessed by unauthorised individuals.
GDPR Rep is on a mission to help every business achieve and maintain GDPR representation. If you are looking into how your organisation can fulfil its requirements, why not schedule a no-commitment call with a GDPR representative expert today, or get a quote to understand how our value pricing makes compliance simple?